Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10 Shares Your Wi-Fi Password With Contacts

Posted by samzenpus on from the do-not-share dept.

gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense" which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.

13 of 487 comments (clear)

  1. No by Anonymous Coward · · Score: 5, Informative

    ahhhh no, for networks you have SELECTED to share it can do it. Wifi sense being on doesn't suddenly expose all your wifi passwords. extremely inflammatory summary. still seems a stupid risky feature, just not as dumb as those writing the Slashdot summaries.

    1. Re:No by MightyMartian · · Score: 4, Informative

      Inflammatory Mode On: Why in the fuck would even want to opt-in to such a service? If it's private WiFi, it's likely to be at my home or my workplace, and in either case I absolutely do not ever want to share that over fucking Fuckbook, Twatter or whatever stupid lame-ass soshial neshworking crap site becomes the next biggest and greatest.

      Rational Mode On: Now let's imagine that my organization has a private WiFi hotspot available for employees and a few others. I do not ever want to have those keys shared outside that group, nor should I have to change MY network with an "_optout" on the end of an SSID. I would consider that a breach of security. Sure, I'll probably be able to disable Windows devices that are domain members via GPO, but if they're not actually devices belonging to the organization, or "Pro" versions of Windows where it even knows what the hell Active Directory is, then MY network is being compromised by this service.

      This is just a plain bad idea, whether you're being reasonable or inflammatory.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:No by ewhac · · Score: 5, Informative

      ahhhh no, for networks you have SELECTED to share it can do it. [ ... ]

      ERROR: MISLEADING.

      Wi-Fi Sense's default settings are to share everything, all the time. Indeed, Microsoft's rules for shipping Windows Phone 8.1 requires OEMs to turn this "killer feature" fully on. Expecting users to have the presence of mind to turn this off is willfully disingenuous.

      --
      Editor, A1-AAA AmeriCaptions
  2. Beyond Stupid by Mikkeles · · Score: 2, Informative

    This is so moronic on so many levels.

    --
    Great minds think alike; fools seldom differ.
  3. Bad Summary, Only new part is the sharing option by slacklinejoe · · Score: 2, Informative

    First, we're only talking Windows 10 PHONE Secondly, it's only available on networks you choose to allow this on. Third, yes, your wifi passwords are being backed up to make it easier when you migrate devices - Apple, Google and Microsoft all do this on your mobile devices. This isn't new! I can't imagine that this won't be opt in only by the time it RTMs (or whatever the equivalent is).

  4. Not Exactly.... by nate_in_ME · · Score: 5, Informative

    I've been running pretty much every build of Win10 since the preview first came out, and this isn't accurate at all....Yes, the Wi-Fi sense option is there, but when you connect to a new network, there's a "share with my contacts" checkbox that you have to turn ON for this network to be shared. The Wi-Fi Sense "master switch" may be on by default, but you have to specifically allow each individual network to be shared.

  5. Re:if that's true, by Anonymous Coward · · Score: 5, Informative

    The Slashdot summary is pure FUD. In the article itself you can see an image of the settings, with a large checkbox to enable/disable sharing with Outlook, Skype and Facebook independently and it also has a large slider above those where you can disable it entirely.

  6. Re:if that's true, by MightyMartian · · Score: 4, Informative

    I don't care about whether you can prevent sharing with your friends on FB it whatever, what I care about is me not having to alter my network settings so that if I give you access to my WiFi network, you sharing MY network information with the pwoe you're "friends" with.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  7. Re:if that's true, by Anonymous Coward · · Score: 5, Informative

    Your password is stored and hashed on Microsoft's servers. The hash is sent to your contacts. When they try to connect, their computer sends the hash to yours, which then checks that hash against the one on Microsoft's servers. If they match, then access is granted.

  8. Re:if that's true, by bondsbw · · Score: 4, Informative

    The way I read it, they probably don't.

    The FAQ seems to imply that it is only applicable to open routers:

    What does Wi-Fi Sense do?

    Wi-Fi Sense connects you to Wi-Fi networks around you to help you save cellular data. It can do these things for you to get you Internet access:

    Automatically connect you to open Wi-Fi networks it knows about by crowdsourcing networks that other Windows Phone users have connected to. These are typically open Wi-Fi hotspots you see when you're out and about.

    Still very questionable, but perhaps not nearly as pervasive. I'd think it would mostly apply to hotels, restaurants, and other places of business.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  9. Re:if that's true, by Rutulian · · Score: 4, Informative

    I was curious about this too. But the AC below gave a nice hint, so I went looking for a better explanation. Here is the blurb from the Wiki,

    Also referred to as WPA-PSK (Pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server.[9] Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.[10] If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.[11] WPA-Personal mode is available with both WPA and WPA2.

    So it seems the PSK can be passed around without revealing the passphrase. But if I also remember correctly, the PSK is supposed to rotate (or maybe that's WPA2).

  10. Re:if that's true, by Namarrgon · · Score: 4, Informative

    Here's the thing: You can leave your box unchecked - but if ANY of your friends have access to your wifi, and *their* box is checked, then all their Facebook friends will also get access to your wifi.

    And the only way you can prevent this is to append "_optout" to your SSID.

    --
    Why would anyone engrave "Elbereth"?
  11. Re:if that's true, by Pope+Raymond+Lama · · Score: 3, Informative

    It looks like it is not /. editors who can't read things here, but you. This is the sitautionm - I own Wifi access point "A"; Friend "B" comes by, I physically pass A's password to B. Now "B" is the one with the option to share or not the passwords (and all of them) with all HIS contacts - not mine. And moreover, it will happen by default - if B has 2000 Outlook.com contacts, all those 2000 people will be automatically allowed to connect on my WiFi "A". And the ony means this not to happen is if `B` opt out __all__ his sharing (not just for WiFi "A") or if WiFi "A` SSID is formatted as dictated by Microsoft (i.e., ending in `_optout`).

    This is so insanely ridiculous that there are no word to describe how ridiculous that is.

    --
    -><- no .sig is good sig.